8 files changed, 83 insertions, 10 deletions

diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec
index c5f82121..3ed04781 100644
--- a/packaging/key-manager.spec
+++ b/packaging/key-manager.spec
@@ -321,6 +321,7 @@ fi
 %{_includedir}/ckm/ckm/ckm-pkcs12.h
 %{_includedir}/ckm/ckm/ckm-raw-buffer.h
 %{_includedir}/ckm/ckm/ckm-type.h
+%{_includedir}/ckm/ckm/ckm-zero-memory.h
 %{_includedir}/ckm/ckmc/ckmc-manager.h
 %{_includedir}/ckm/ckmc/ckmc-control.h
 %{_includedir}/ckm/ckmc/ckmc-error.h
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index ae5f83e9..70dca663 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -243,6 +243,7 @@ INSTALL(FILES
     ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-pkcs12.h
     ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-raw-buffer.h
     ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-type.h
+    ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-zero-memory.h
     DESTINATION /usr/include/ckm/ckm
     )
 INSTALL(FILES
diff --git a/src/include/ckm/ckm-raw-buffer.h b/src/include/ckm/ckm-raw-buffer.h
index 8ae908f0..d9b41a7c 100644
--- a/src/include/ckm/ckm-raw-buffer.h
+++ b/src/include/ckm/ckm-raw-buffer.h
@@ -23,9 +23,10 @@
 #define _SAFE_BUFFER_H_
 
 #include <stddef.h>
-#include <string.h>
 #include <vector>
 
+#include <ckm/ckm-zero-memory.h>
+
 namespace CKM {
 
 template <typename T>
@@ -54,7 +55,7 @@ struct std_erase_on_dealloc {
 	void deallocate(T *ptr, std::size_t n)
 	{
 		// clear the memory before deleting
-		memset(ptr, 0 , n * sizeof(T));
+		ZeroMemory(reinterpret_cast<unsigned char*>(ptr), n * sizeof(T));
 		::operator delete(ptr);
 	}
 
diff --git a/src/include/ckm/ckm-zero-memory.h b/src/include/ckm/ckm-zero-memory.h
new file mode 100644
index 00000000..bc1397cf
--- /dev/null
+++ b/src/include/ckm/ckm-zero-memory.h
@@ -0,0 +1,32 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file       ckm-zero-memory.h
+ * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version    1.0
+ * @brief
+ */
+
+#pragma once
+
+#include <cstddef>
+
+namespace CKM {
+
+void ZeroMemory(unsigned char* buffer, size_t size);
+
+} // namespace CKM
+
diff --git a/src/manager/CMakeLists.txt b/src/manager/CMakeLists.txt
index 2f071eb5..53c572c1 100644
--- a/src/manager/CMakeLists.txt
+++ b/src/manager/CMakeLists.txt
@@ -25,6 +25,7 @@ SET(COMMON_SOURCES
     ${COMMON_PATH}/common/key-aes-impl.cpp
     ${COMMON_PATH}/common/pkcs12-impl.cpp
     ${COMMON_PATH}/common/log-setup.cpp
+    ${COMMON_PATH}/common/ckm-zero-memory.cpp
     ${COMMON_PATH}/dpl/log/src/abstract_log_provider.cpp
     ${COMMON_PATH}/dpl/log/src/dlog_log_provider.cpp
     ${COMMON_PATH}/dpl/log/src/log.cpp
diff --git a/src/manager/common/ckm-zero-memory.cpp b/src/manager/common/ckm-zero-memory.cpp
new file mode 100644
index 00000000..70029a54
--- /dev/null
+++ b/src/manager/common/ckm-zero-memory.cpp
@@ -0,0 +1,42 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file       ckm-zero-memory.cpp
+ * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version    1.0
+ * @brief
+ */
+
+#include <ckm/ckm-zero-memory.h>
+
+#include <string.h>
+
+#include <symbol-visibility.h>
+
+namespace CKM {
+
+// Temporarily disable optimizations to make sure that memset() is not optimized out.
+#pragma GCC push_options
+#pragma GCC optimize("O0")
+
+COMMON_API void ZeroMemory(unsigned char* buffer, size_t size)
+{
+	memset(buffer, 0, size);
+}
+
+#pragma GCC pop_options
+
+} // namespace CKM
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 29c8ee49..18911537 100644
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -17,6 +17,7 @@
 #include <exception.h>
 #include <key-provider.h>
 #include <dpl/log/log.h>
+#include <ckm/ckm-zero-memory.h>
 #include <string.h>
 
 #include <array>
@@ -296,14 +297,7 @@ void KeyAndInfoContainer::setKeyInfo(const KeyComponentsInfo *keyComponentsInfo)
 KeyAndInfoContainer::~KeyAndInfoContainer()
 {
 	// overwrite key
-	char *ptr = reinterpret_cast<char *>(&keyAndInfo);
-	memset(ptr, 0, sizeof(KeyAndInfo));
-
-	// verification
-	for (size_t size = 0; size < sizeof(KeyAndInfo); ++size) {
-		if (ptr[size])
-			LogError("Write memory error! Memory used by key was not owerwritten.");
-	}
+	ZeroMemory(reinterpret_cast<unsigned char*>(&keyAndInfo), sizeof(KeyAndInfo));
 }
 
 KeyProvider::KeyProvider() :
diff --git a/src/manager/service/ss-migrate.cpp b/src/manager/service/ss-migrate.cpp
index 635c10c6..cb446d9b 100644
--- a/src/manager/service/ss-migrate.cpp
+++ b/src/manager/service/ss-migrate.cpp
@@ -28,6 +28,7 @@
 #include <unistd.h>
 #include <dirent.h>
 #include <sys/stat.h>
+#include <string.h>
 
 #include <dpl/log/log.h>
 #include <ss-crypto.h>